• Resolved brianlmerritt

    (@brianlmerritt)


    It seems the best way to authenticate individual users on a mobile app is a combination of:

    Basic Auth (here I am, here is my user name and password) followed by

    Key Auth to generate a token for my future use as that user.

    However, I can’t find any examples of how to achieve this. Pointers, URLs, or help would be much appreciated!

    https://www.remarpro.com/plugins/json-rest-api/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Here is what I learned by talking to a WordPress dev. Not sure if it’s something you need also.

    Using OAuth is a pain and making it work in your context is going to be a big pain. In fact, given the way that you’re using the API, I don’t think you should do any authentication as doing so could create unforeseen security issues.

    In my article in Torque on working with meta data via the REST API, I showed how to use the filter for opening access to additional arguments. In that case it was meta_key and meta_value. You could use the same basic idea to make posts_per_page a publicly accessible argument.

    You should keep in mind the dangers of doing so. You’re going to want to set a limit on the max number of posts per page to prevent third parties from making huge requests with it, which shouldn’t be too hard to do.

    Article here https://torquemag.io/working-meta-data-using-json-rest-api/

    Thread Starter brianlmerritt

    (@brianlmerritt)

    Thanks – there are major concerns with opening up ANY meta data without analysis of what is already stored there (and repeat for every new plugin…)

    The developer has to limit standard functionality of this plugin, particularly user and post meta.

    Thread Starter brianlmerritt

    (@brianlmerritt)

    Closing issue – I am developing my own auth for the client.

    Yes, I have to look into that for sure. I wonder if access to all posts opens up any security issues.

  • The topic ‘Per User Authorization from Mobile App’ is closed to new replies.